bbAntiSpam: Discuss how to stop web spam

The forum is retired.


Posted: Sun Feb 11, 2007 12:48 pm    Post subject: Security query  


I'm interested in using your mod, so I downloaded it and had a quick look. I notice that you set a server path in a variable instead of in a constant and wondered if this was perhaps a security problem:

$phpbb_root_path = "./../";

Could a hacker pass in their own path (to an external site) via GET to compromise the server?

Site Admin


Posted: Mon Feb 12, 2007 4:34 am    Post subject:  


Don't worry, everything is ok here.

It isn't a use of the variable, it's an assignment to the variable. And all the following uses of the variable will use the assigned value, which is constant.

This code is used everywhere in phpBB. See, for example, the file "viewtopic.php".
Oleg Parashchenko, bbAntiSpam
Do you love our tools? Please sponsor further development!
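
The reply above rests on one property: each file assigns $phpbb_root_path a literal before any include uses it, so a value supplied in the request (possible under PHP's old register_globals setting) is overwritten. The following is an added example, not bbAntiSpam or phpBB code, that checks that property over a mod's PHP source. The IN_PHPBB guard pattern and the sample file contents are assumptions, and the line-by-line scan is a heuristic.

```python
import re

# Literal pin, e.g.  $phpbb_root_path = "./../";  (no interpolated variables)
ASSIGN = r'\$%s\s*=\s*(["\'])[^"\'$]*\1\s*;'
# include/require (and the _once forms) whose argument mentions the variable
INCLUDE = r'\b(?:include|require)(?:_once)?\b[^;]*\$%s\b'
# Assumed phpBB 2 library-file guard: if (!defined('IN_PHPBB')) die(...)
GUARD = re.compile(r'!\s*defined\s*\(\s*["\']IN_PHPBB["\']\s*\)')


def audit(source, var="phpbb_root_path"):
    """Return the line numbers of includes that use $var before this file
    has pinned it to a string literal or refused direct requests."""
    assign = re.compile(ASSIGN % re.escape(var))
    include = re.compile(INCLUDE % re.escape(var))
    pinned, findings = False, []
    for number, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue  # a commented-out assignment pins nothing
        if assign.search(line) or GUARD.search(line):
            pinned = True
        if include.search(line) and not pinned:
            findings.append(number)
    return findings


# Constructed samples; the included file names are made up.
ENTRY_POINT = """<?php
define('IN_PHPBB', true);
$phpbb_root_path = "./../";
include($phpbb_root_path . 'mod_config.php');
"""
LIBRARY_FILE = """<?php
if ( !defined('IN_PHPBB') )
{
    die("Hacking attempt");
}
include($phpbb_root_path . 'mod_helper.php');
"""
UNPINNED = """<?php
// $phpbb_root_path = "./../";
include($phpbb_root_path . 'mod_helper.php');
"""

if __name__ == "__main__":
    for name in ("ENTRY_POINT", "LIBRARY_FILE", "UNPINNED"):
        print(name, audit(globals()[name]))
```

A non-empty result means the file reaches an include with a path it never set itself, which is the case the original question was asking about.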

Posted: Mon Feb 12, 2007 6:14 pm    Post subject:  

Ok - thanks for the positive reply.

All the best,